Traditionally, enterprises have maintained the security of their data by keeping the data within a firewall. The advent of cloud computing, however, offers two main benefits to the consumer: sharing of infrastructure (computer storage and processing services) and sharing of applications (software services) to reduce capital expenditure and total cost of ownership. With cloud computing, software, platforms, and infrastructure can be provided as services to enterprises or individual users. The benefits of cloud computing solutions, however, come with increased risks in relation to data security because potentially sensitive data is stored and processed on servers owned by third parties and is likely to be passed between servers within the cloud.
There are many known methods which can be used to obfuscate data (which may also be referred to as ‘data masking’) to protect the sensitive parts, e.g. identifiable patient data in a healthcare application or personal financial data in a banking application, and these methods include encryption of the data (e.g. using a data transformation algorithm such as AES128) and surrogation of the data (e.g. by systematically replacing certain text with alternative values). In an example of a data security system, data that needs to be accessed by a third party may be copied from a database storing the original data to a second database and stored in obfuscated form on that second database. The third party can then be granted access to the obfuscated data in the second database, and this prevents the third party from having any ability to access the original sensitive data. Such a system, however, is not suitable for implementation in a cloud computing environment, because the system provides a very static solution and cannot respond to the dynamic transportation of data across multiple servers or the setting up of processing capability on demand.
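The copy-to-a-second-database arrangement described above can be sketched as follows. This is an added example, not code from the original document. The table and column names, the key and the sample records are constructed, and keyed HMAC tokens are assumed as one possible way of systematically replacing text with alternative values.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a secret held only by the data owner (constructed demo value).
SURROGATE_KEY = b"constructed-demo-key"
SCHEMA = "CREATE TABLE visits (patient TEXT, patient_id TEXT, diagnosis TEXT)"
QUERY = "SELECT patient, patient_id, diagnosis FROM visits ORDER BY rowid"

def surrogate(value: str, prefix: str) -> str:
    """Deterministic surrogate: the same input always maps to the same token."""
    tag = hmac.new(SURROGATE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{prefix}-{tag[:12]}"

def make_original() -> sqlite3.Connection:
    """Database holding the original, sensitive records (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO visits VALUES (?, ?, ?)", [
        ("Alice Example", "000-000-0001", "asthma"),
        ("Bob Example", "000-000-0002", "fracture"),
        ("Alice Example", "000-000-0001", "influenza"),
    ])
    return db

def copy_obfuscated(original: sqlite3.Connection) -> sqlite3.Connection:
    """One-off copy into the second database with sensitive columns surrogated."""
    masked = sqlite3.connect(":memory:")
    masked.execute(SCHEMA)
    for patient, patient_id, diagnosis in original.execute(QUERY):
        masked.execute(
            "INSERT INTO visits VALUES (?, ?, ?)",
            (surrogate(patient, "PAT"), surrogate(patient_id, "ID"), diagnosis),
        )
    masked.commit()
    return masked

def third_party_view(masked: sqlite3.Connection) -> list:
    """What the third party can query: only the obfuscated copy."""
    return masked.execute(QUERY).fetchall()

if __name__ == "__main__":
    original = make_original()
    masked = copy_obfuscated(original)
    # A record written after the copy never reaches the second database,
    # which is the static behaviour the text identifies as the limitation.
    original.execute(
        "INSERT INTO visits VALUES ('Carol Example', '000-000-0003', 'migraine')")
    for row in third_party_view(masked):
        print(row)
```

Because the surrogates are deterministic, the third party can still group the two visits belonging to the same patient without seeing the name or identifier.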
The embodiments described below are not limited to implementations which solve any or all of the disadvantages of known methods of providing data security.